CVE-2023-37412

CWE-2503 documents3 sources
Severity
4.9MEDIUM
EPSS
0.1%
top 70.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Faspex
Timeline
PublishedJan 29

Description

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/aspera_faspex5.0.05.0.10
NVDibm/aspera_faspex5.0.05.0.10

🔴Vulnerability Details

2
GHSA
GHSA-rrmh-m2fw-63jp: IBM Aspera Faspex 52025-01-29
CVEList
IBM Aspera Faspex improper access control2025-01-29
CVE-2023-37412 (MEDIUM CVSS 4.9) | IBM Aspera Faspex 5.0.0 through 5.0 | cvebase.io